package com.itmuch;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
//认证服务器的用户账号配置
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
	
	@Bean
	public AuthenticationManager authenticationManagerBean() throws Exception {
		return super.authenticationManagerBean();
	}

	//http 请求的拦截配置
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable()//h5访问规则，post form表单提交，get表单提交，其他网站模拟A网站；
			.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
			.and()
			//允许任何请求访问。
			.authorizeRequests().anyRequest().permitAll();

		http.authorizeRequests().antMatchers("/dd").permitAll();
	}

	//认证的账号密码配置
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		//jdbc,redis都可以；
		//指定datasource auth.jdbcAuthentication().dataSource();
		auth.inMemoryAuthentication() // 测试用，内存保存账号、密码
			.withUser("user1").password("password1").roles("USER") // 普通用户，用户名uesr1、密码password1 
			.and()//创建一个新的builer
				.withUser("admin1").password("password2").roles("ADMIN") // 管理员，用户名admin1、密码password2
		;
	}
}
